fix(Dockerfile): solve composer usage #731
Conversation
Adapt Dockerfile to the new place where composer is downloaded and used.
|
Thanks @bcornec |
- Only need EPEL repo for external deps - Requires file-devel at build time
- Fix package name creation for RPM based distros - Plan for more Debian/Ubuntu generation
|
Patch works for me and fixes #732 👍 |
Dockerfile
Outdated
| RUN curl -sS https://getcomposer.org/installer | php && \ | ||
| mv composer.phar /usr/local/bin/composer | ||
| mkdir /tmp/composer && \ | ||
| mv composer.phar /tmp/composer/composer |
There was a problem hiding this comment.
the path /tmp/composer/composer is not a very good choice, since
- this folder gets cleaned on every reboot on most systems
/tmp/might be mounted withnoexecfor security reasons- it might interfere with other fossoloy development setups
Note: this comment is to late and is related to #701 which is already merged. In my opinion one should change COMPOSERTMP = /tmp/composer to something in the current subtree.
There was a problem hiding this comment.
The script fo_installdeps still installs composer to the "old" place:
fossology/utils/fo-installdeps
Line 267 in 35d9576
There was a problem hiding this comment.
If one calls the following
$ make composer_download
$ sudo make composer_installone is no longer able to execute composer_download again, since root owns some of the files in ~/.composer. Thus loosing the binary at /tmp/composer/composer is hard problem. (tested on vagrant setup)
screenshot:
There was a problem hiding this comment.
Idea: on Projectbuilder setup install composer to /tmp/composer/composer and add /tmp/composer to $PATH before calling make phpvendors resp make composer_install and remove all changes related to the placement of composer.
@bcornec would this be ok for you?
There was a problem hiding this comment.
You points wrt noexec are valid so I agree we should find a better place to host it.
I didn't want to perturbate your process too much, but indeed downloading it in the fossology tree should bring what we need and solve the issues you mentioned. I'll propose a new patch for that.
There was a problem hiding this comment.
This does not solve the problem with "once you have used sudo make composer_install and you have lost the composer binary, you are no longer able to install composer via make composer_download" (unless you use admin privileges remove ~/.composer) see comment above.
What speaks against using the $PATH variable to tell the makefiles where to look for composer?
There was a problem hiding this comment.
Using PATH is relying on environment to be correct in the first place. If another command is named composer and placed earlier in PATH, you lost :-( And if it's a malicious one, it's worse.
What's wrong with calling it with the full path name, once you know where it should be hosted ?
I think the approach we currently have is the right one, except for the location which should be under the fossology tree (which I didn't want to do myself). Also which variable can be used to declare that fossology tree ?
Wrt the .composer dir, I wasn't aware of that. But the solution is rather to remove that directory then in the Makefile at last step of the install phase (run by root as well), as anyway it shouldn't be created as root.
There was a problem hiding this comment.
But:
- we still do not know where it should be hosted
- the command
make composer_downloadfails after composer was called once as root - you need to download it once for every source tree
- if you clone in a new location you might not be able to install the necessary composer, unless you remove the
~/.composerfolder. In fact you might not have the necessary permissions to do that and thus are not able build the project
- if you clone in a new location you might not be able to install the necessary composer, unless you remove the
- being forced to remove the folder
~/.composeris not good - you then have to adopt
- the
fo-installdeptsscript - the documentation: an additional step is needed for the source installation (the archived documentation which is still used by some people and is easily found will stop working)
- the docker scripts
- the vagrant scripts
- the
Using PATH is relying on environment to be correct in the first place.
- since you are the person defining
PATH=/my/composer/path:$PATHthat should not be a problem - you might not want to prevent users from using system packages of composer. E.g. my operating system offers them.
Also which variable can be used to declare that fossology tree ?
Do you search for an environmental variable used for this? I'm not aware of such an variable in the Makefiles
But the solution is rather to remove that directory then in the Makefile at last step of the install phase (run by root as well)
You can't simply remove the ~/.composer folder, which might be used for other projects on the machine.
... as anyway it shouldn't be created as root.
That is an composer problem. When downloaded and installed as user, it seems to write the current home into the composer.phar which we rename to composer. Thus runnig this composer with root touches files in ~/.composer of the user.
this commit - undos the changes to the composer placement introduced in fossology#701 - adds the wrapper script `utils/run_with_composer_in_path.sh` which downloads composer on demand and adds it to the PATH for the passed command. (usage: `path/to/utils/run_with_composer_in_path.sh make composer_install`) - this fixes the source installation, i.e. the documentation was not up to date - this fixes the problems with `vagrant up` (see fossology#732) - this fixes the problems with `docker-compose build` as discussed in fossology#731 closes fossology#732
|
See #738 as alternative solution. |
Fixes issue where a pointer to a local variable is being returned from the `getRegexValue` function, causing an invalid regex to be passed to the copyright agent, triggering an infinite loop and agent crash after memory exhaustion.
As a quickfix, this adds a fallback in `phpunit-bootstrap.php` which will work in all cases.
Cleaning up the final version of the vagrant test file in pbconf for testing and developing package builds after it worked for centos7. In addition fixing configuration for Apache httpd 2.4
Download composer into a fossology subdir (tmp) setup COMPOSER_HOME to avoid creation of a .composer dir at install Fix Docker and Vagrant to use make composer_install
this commit - undos the changes to the composer placement introduced in fossology#701 - adds the option to pass the environmental variable `COMPOSER_PHAR` to `src/Makefile` to allow placing the composer.phar at arbitrary places - this fixes the source installation, i.e. the documentation was not up to date - this fixes the problems with `vagrant up` (see fossology#732) - this fixes the problems with `docker-compose build` as discussed in fossology#731 closes fossology#732
this commit - undos the changes to the composer placement introduced in fossology#701 - adds the option to pass the environmental variable `COMPOSER_PHAR` to `src/Makefile` to allow placing the composer.phar at arbitrary places - this fixes the source installation, i.e. the documentation was not up to date - this fixes the problems with `vagrant up` (see fossology#732) - this fixes the problems with `docker-compose build` as discussed in fossology#731 closes fossology#732
this commit - undos the changes to the composer placement introduced in fossology#701 - adds the option to pass the environmental variable `COMPOSER_PHAR` to `src/Makefile` to allow placing the composer.phar at arbitrary places - this fixes the source installation, i.e. the documentation was not up to date - this fixes the problems with `vagrant up` (see fossology#732) - this fixes the problems with `docker-compose build` as discussed in fossology#731 closes fossology#732
this commit - undos the changes to the composer placement introduced in fossology#701 - adds the option to pass the environmental variable `COMPOSER_PHAR` to `src/Makefile` to allow placing the composer.phar at arbitrary places - this fixes the source installation, i.e. the documentation was not up to date - this fixes the problems with `vagrant up` (see fossology#732) - this fixes the problems with `docker-compose build` as discussed in fossology#731 closes fossology#732
this commit - undos the changes to the composer placement introduced in fossology#701 - adds the option to pass the environmental variable `COMPOSER_PHAR` to `src/Makefile` to allow placing the composer.phar at arbitrary places - this fixes the source installation, i.e. the documentation was not up to date - this fixes the problems with `vagrant up` (see fossology#732) - this fixes the problems with `docker-compose build` as discussed in fossology#731 closes fossology#732
Adapt Dockerfile to the new place where composer is
downloaded and used.